
Popup Ads Bottom Left and Right Corners ( Chrome and IE)



#1 thompjon

thompjon


Posted 24 February 2013 - 10:07 AM

I originally had this issue with IE explorer but was able to stop the problem by running Malware and making adjustments to tracking.  

 

After reading the post of narenxp, here are my results from running the tests. I will upload them one by one.

 

ESET Online

 

 

 

C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll    Win32/Toolbar.MyWebSearch.Q application    cleaned by deleting - quarantined
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined




#2 thompjon

thompjon
  • Topic Starter


Posted 24 February 2013 - 10:12 AM

Here is another test

 

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-23 20:11:29
-----------------------------
20:11:29.006    OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:29.007    Number of processors: 4 586 0x2502
20:11:29.007    ComputerName: JOHNSON-PC  UserName: Johnson
20:11:33.650    Initialize success
20:28:32.135    AVAST engine defs: 13022301
20:30:14.944    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:14.946    Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
20:30:14.981    Disk 0 MBR read successfully
20:30:14.983    Disk 0 MBR scan
20:30:15.006    Disk 0 unknown MBR code
20:30:15.020    Disk 0 Partition 1 00     1B   Hidd FAT32 NTFS        14524 MB offset 2048
20:30:15.047    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       939343 MB offset 29747200
20:30:15.097    Disk 0 scanning C:\Windows\system32\drivers
20:30:29.116    Service scanning
20:30:51.311    Modules scanning
20:30:51.317    Disk 0 trace - called modules:
20:30:51.332    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:30:51.337    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006551060]
20:30:51.339    3 CLASSPNP.SYS[fffff88001acd43f] -> nt!IofCallDriver -> [0xfffffa8006294520]
20:30:51.548    5 ACPI.sys[fffff88000f727a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006296060]
20:30:52.991    AVAST engine scan C:\Windows
20:30:55.014    AVAST engine scan C:\Windows\system32
20:35:06.067    AVAST engine scan C:\Windows\system32\drivers
20:35:25.205    AVAST engine scan C:\Users\Johnson
20:37:01.254    Disk 0 MBR has been saved successfully to "C:\Users\Johnson\Desktop\MBR.dat"
20:37:01.278    The log file has been saved successfully to "C:\Users\Johnson\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-23 20:11:29
-----------------------------
20:11:29.006    OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:29.007    Number of processors: 4 586 0x2502
20:11:29.007    ComputerName: JOHNSON-PC  UserName: Johnson
20:11:33.650    Initialize success
20:28:32.135    AVAST engine defs: 13022301
20:30:14.944    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:14.946    Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
20:30:14.981    Disk 0 MBR read successfully
20:30:14.983    Disk 0 MBR scan
20:30:15.006    Disk 0 unknown MBR code
20:30:15.020    Disk 0 Partition 1 00     1B   Hidd FAT32 NTFS        14524 MB offset 2048
20:30:15.047    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       939343 MB offset 29747200
20:30:15.097    Disk 0 scanning C:\Windows\system32\drivers
20:30:29.116    Service scanning
20:30:51.311    Modules scanning
20:30:51.317    Disk 0 trace - called modules:
20:30:51.332    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:30:51.337    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006551060]
20:30:51.339    3 CLASSPNP.SYS[fffff88001acd43f] -> nt!IofCallDriver -> [0xfffffa8006294520]
20:30:51.548    5 ACPI.sys[fffff88000f727a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006296060]
20:30:52.991    AVAST engine scan C:\Windows
20:30:55.014    AVAST engine scan C:\Windows\system32
20:35:06.067    AVAST engine scan C:\Windows\system32\drivers
20:35:25.205    AVAST engine scan C:\Users\Johnson
20:37:01.254    Disk 0 MBR has been saved successfully to "C:\Users\Johnson\Desktop\MBR.dat"
20:37:01.278    The log file has been saved successfully to "C:\Users\Johnson\Desktop\aswMBR.txt"
20:51:23.173    AVAST engine scan C:\ProgramData
21:08:18.259    Scan finished successfully
21:13:11.802    Disk 0 MBR has been saved successfully to "C:\Users\Johnson\Desktop\MBR.dat"
21:13:11.837    The log file has been saved successfully to "C:\Users\Johnson\Desktop\aswMBR.txt"
 
 


#3 thompjon

thompjon
  • Topic Starter


Posted 24 February 2013 - 10:14 AM

The TDSS Killer log is large and giving me trouble uploading. Do you need the entire log or just a portion?



#4 narenxp

narenxp

  • BC Advisor

Posted 24 February 2013 - 01:26 PM

Just post the last few lines of the TDSSKiller log alone.

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 thompjon

thompjon
  • Topic Starter


Posted 24 February 2013 - 10:07 PM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.25.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johnson :: JOHNSON-PC [administrator]
 
Protection: Enabled
 
2/24/2013 10:02:09 PM
mbam-log-2013-02-24 (22-02-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208541
Time elapsed: 3 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 thompjon

thompjon
  • Topic Starter


Posted 24 February 2013 - 10:13 PM

MiniToolBox by Farbar  Version:10-01-2013
Ran by Johnson (administrator) on 24-02-2013 at 22:11:24
Running from "C:\Users\Johnson\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Johnson-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : launchmodem.com
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-CF-30-A0-15-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4cc8:26b8:4fa8:bfa0%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.97(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, February 24, 2013 9:48:59 PM
   Lease Expires . . . . . . . . . . : Monday, February 25, 2013 9:48:59 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 237031216
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-97-3A-39-20-CF-30-A0-15-11
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.launchmodem.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c02:3c2f:47df:4ad4(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c02:3c2f:47df:4ad4%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  launchmodem
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4008:806::1003
      74.125.229.199
      74.125.229.200
      74.125.229.201
      74.125.229.206
      74.125.229.192
      74.125.229.193
      74.125.229.194
      74.125.229.195
      74.125.229.196
      74.125.229.197
      74.125.229.198
 
 
Pinging google.com [74.125.229.199] with 32 bytes of data:
Reply from 74.125.229.199: bytes=32 time=28ms TTL=53
Reply from 74.125.229.199: bytes=32 time=27ms TTL=53
 
Ping statistics for 74.125.229.199:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 28ms, Average = 27ms
Server:  launchmodem
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=175ms TTL=45
Reply from 206.190.36.45: bytes=32 time=191ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 175ms, Maximum = 191ms, Average = 183ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=12ms TTL=128
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 12ms, Average = 8ms
===========================================================================
Interface List
 10...20 cf 30 a0 15 11 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.97     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.97    276
     192.168.1.97  255.255.255.255         On-link      192.168.1.97    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.97    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.97    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.97    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:953c:3c02:3c2f:47df:4ad4/128
                                    On-link
 10    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::3c02:3c2f:47df:4ad4/128
                                    On-link
 10    276 fe80::4cc8:26b8:4fa8:bfa0/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/24/2013 10:08:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/24/2013 01:50:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2013 01:50:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/23/2013 08:39:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/23/2013 08:39:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/23/2013 09:56:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/21/2013 08:42:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/20/2013 05:21:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: ezprint.exe, version: 3.98.0.0, time stamp: 0x4bb9c1ce
Faulting module name: Ltwvc215u.dll, version: 15.0.0.7, time stamp: 0x463eca06
Exception code: 0xc0000005
Fault offset: 0x00018a21
Faulting process id: 0x914
Faulting application start time: 0xezprint.exe0
Faulting application path: ezprint.exe1
Faulting module path: ezprint.exe2
Report Id: ezprint.exe3
 
Error: (02/19/2013 08:54:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/18/2013 09:02:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/24/2013 09:49:02 PM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
Error: (02/24/2013 09:48:50 AM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
Error: (02/23/2013 10:23:35 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Home Network service, but this action failed with the following error: 
%%1056
 
Error: (02/23/2013 10:22:35 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Home Network service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/23/2013 08:04:44 PM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
Error: (02/23/2013 06:22:11 PM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
Error: (02/23/2013 00:56:36 PM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
Error: (02/23/2013 00:48:30 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error: 
%%1053
 
Error: (02/23/2013 00:48:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
 
Error: (02/23/2013 00:47:53 PM) (Source: Service Control Manager) (User: )
Description: The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2013 11:20:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-13 07:50:52.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-13 07:50:52.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-13 07:50:52.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-13 07:50:52.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:16.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:16.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:16.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:16.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:08.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Temp\qxz6D86\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-12 21:23:08.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Temp\qxz6D86\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (Version: 1.2.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
AdFender (Version: 1.60)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.6)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Reader 9.5.4 (Version: 9.5.4)
AI Manager (Version: 1.08.07)
Akamai NetSession Interface
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ASUS Backup Wizard (Version: 1.00.09)
ASUS VIBE (Version: 1.0.188)
ASUSUpdate (Version: 7.18.03)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
Check Point SSL Network Extender (Version: 7.01.0000)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Coupon Printer for Windows (Version: 5.0.0.1)
Coupons.com Toolbar (Version: 6.6.0.19)
ebi.BookReader3J (Version: 3.75.14)
EPU-4 Engine (Version: 1.01.02)
ESET Online Scanner v3
Event Planner
Google Chrome (Version: 25.0.1364.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
H&R Block Basic + Efile 2010 (Version: 10.02.6402)
H&R Block Basic + Efile 2011 (Version: 11.02.7102)
H&R Block Deluxe + Efile 2012 (Version: 12.04.7001)
Hallmark Card Studio 3 Deluxe
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 11.0.1.12)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 14.0.8089.726)
Lexmark Pro700 Series
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee AntiVirus (Version: 12.1.253)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
QuickTime (Version: 7.73.80.64)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Shared C Run-time for x64 (Version: 10.0.0)
ShopAtHome.com Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! BrowserPlus 2.9.8
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 32%
Total physical RAM: 6031.05 MB
Available physical RAM: 4048.66 MB
Total Pagefile: 12060.3 MB
Available Pagefile: 9749.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:856.93 GB) NTFS
2 Drive d: (CS3DLX_CD1) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\JOHNSON-PC
 
Administrator            Guest                    Johnson                  
 
 
**** End of log ****


#7 thompjon

Posted 24 February 2013 - 10:15 PM

Farbar Service Scanner Version: 20-02-2013
Ran by Johnson (administrator) on 24-02-2013 at 22:15:09
Running from "C:\Users\Johnson\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#8 thompjon

Posted 24 February 2013 - 10:18 PM

# AdwCleaner v2.113 - Logfile created 02/24/2013 at 22:17:47
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Johnson - JOHNSON-PC
# Boot Mode : Normal
# Running from : C:\Users\Johnson\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Coupons.com
Folder Found : C:\Program Files (x86)\SelectRebates
Folder Found : C:\Users\Johnson\AppData\Local\Conduit
Folder Found : C:\Users\Johnson\AppData\LocalLow\Conduit
Folder Found : C:\Users\Johnson\AppData\LocalLow\Coupons.com
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Coupons.com
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Coupons.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37AE00AB-70CA-4E98-B1CE-DC138AE847FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B47F731-474A-4C10-AE71-7CC094A39692}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F0C7DDD-026D-41C3-A8D1-E4EE05AB083C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37153479-1976-43C3-A1EE-557513977B64}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
File : C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\7kd1k3hw.default\prefs.js
 
Found : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;w[...]
Found : user_pref("aol_toolbar.cookie.homepage", "");
Found : user_pref("aol_toolbar.cookie.search", "");
Found : user_pref("aol_toolbar.curtain.congrats", "curtain");
Found : user_pref("aol_toolbar.default.homepage.check", true);
Found : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000022");
Found : user_pref("aol_toolbar.default.search.check", true);
Found : user_pref("aol_toolbar.default.search.label", "AOL Search");
Found : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
Found : user_pref("aol_toolbar.firsttime.showwindow", false);
Found : user_pref("aol_toolbar.guid", "{16102384-CC13-B078-2214-C8873EC152A6}");
Found : user_pref("aol_toolbar.install.distroid", "aol");
Found : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Found : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9085");
Found : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Found : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000022");
Found : user_pref("aol_toolbar.install.ncid", "");
Found : user_pref("aol_toolbar.metrics.activestampdate", "10");
Found : user_pref("aol_toolbar.metrics.activestampmonth", "0");
Found : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Found : user_pref("aol_toolbar.metrics.log", false);
Found : user_pref("aol_toolbar.metrics.originalDate", "13");
Found : user_pref("aol_toolbar.metrics.originalHours", "5");
Found : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Found : user_pref("aol_toolbar.metrics.originalMonth", "11");
Found : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Found : user_pref("aol_toolbar.metrics.originalYear", "2012");
Found : user_pref("aol_toolbar.relatednews.enabled", false);
Found : user_pref("aol_toolbar.remote.publish.xml", "1357871380218");
Found : user_pref("aol_toolbar.rtw.active", false);
Found : user_pref("aol_toolbar.search.button", true);
Found : user_pref("aol_toolbar.search.cid", "02-01-2013");
Found : user_pref("aol_toolbar.search.instd", "2012111105255352");
Found : user_pref("aol_toolbar.search.oid", "13-11-2012");
Found : user_pref("aol_toolbar.search.placement", "right");
Found : user_pref("aol_toolbar.search.populateoncomplete", false);
Found : user_pref("aol_toolbar.search.savehistory", false);
Found : user_pref("aol_toolbar.search.searchtype", "web");
Found : user_pref("aol_toolbar.search.source", "dlcomaol-ff");
Found : user_pref("aol_toolbar.skin.custom", false);
Found : user_pref("aol_toolbar.surf.date", "3");
Found : user_pref("aol_toolbar.surf.lastDate", "10");
Found : user_pref("aol_toolbar.surf.lastMonth", "0");
Found : user_pref("aol_toolbar.surf.lastYear", "2013");
Found : user_pref("aol_toolbar.surf.month", "35");
Found : user_pref("aol_toolbar.surf.prevMonth", "17");
Found : user_pref("aol_toolbar.surf.total", "114");
Found : user_pref("aol_toolbar.surf.week", "3");
Found : user_pref("aol_toolbar.surf.year", "35");
Found : user_pref("aol_toolbar.ticker.active", false);
Found : user_pref("aol_toolbar.upgrade.showwindow", false);
Found : user_pref("aol_toolbar.weather.degc", "6");
Found : user_pref("aol_toolbar.weather.degf", "42");
Found : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/33_n.png");
Found : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Found : user_pref("aol_toolbar.weather.metric", true);
Found : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
Found : user_pref("aol_toolbar.weather.update", "1357871380230");
Found : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=dlc[...]
Found : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&s_qt=ab&s[...]
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [8845 octets] - [24/02/2013 22:17:47]
 
########## EOF - C:\AdwCleaner[R1].txt - [8905 octets] ##########


#9 thompjon

Posted 24 February 2013 - 10:39 PM

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/24/2013 10:38:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Johnson\Desktop\rkill\rkill-02-24-2013-10-38-53.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  64.46.36.178 www.google-analytics.com.
  64.46.36.178 ad-emea.doubleclick.net.
  64.46.36.178 www.statcounter.com.
  64.27.10.42 www.google-analytics.com.
  64.27.10.42 ad-emea.doubleclick.net.
  64.27.10.42 www.statcounter.com.
 
Program finished at: 02/24/2013 10:39:00 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)


#10 thompjon

Posted 24 February 2013 - 10:44 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "EzPrint"    ""    ""    "c:\program files (x86)\lexmark pro700 series\ezprint.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "lxeemon.exe"    "Printer Device Monitor"    ""    "c:\program files (x86)\lexmark pro700 series\lxeemon.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "RtHDVCpl"    "Realtek HD Audio Manager"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravcpl64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Acrobat Assistant 8.0"    "AcroTray"    "Adobe Systems Inc."    "c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher"    "Adobe Acrobat SpeedLauncher"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher"    "Adobe Acrobat SpeedLauncher"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "GrooveMonitor"    "GrooveMonitor Utility"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Lexmark Pro700 Series"    "Fax Man Server"    ""    "c:\program files (x86)\lexmark pro700 series\fm3032.exe"
+ "mcpltui_exe"    "McAfee Security Center"    "McAfee, Inc."    "c:\program files\mcafee.com\agent\mcagent.exe"
+ "mcui_exe"    "McAfee Security Center"    "McAfee, Inc."    "c:\program files\mcafee.com\agent\mcagent.exe"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files (x86)\quicktime\qttask.exe"
+ "RunAIShell"    "Helper AP for Windows ShellExec for NT"    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\ai manager\asshellapplication.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Event Planner Reminders Tray Icon.lnk"    "Event Planner Reminder Application"    "Sierra Online"    "c:\sierra\planner\plnrnote.exe"
+ "McAfee Security Scan Plus.lnk"    "McAfee Security Scanner Scheduler"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\2.1.121\ssscheduler.exe"
"C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "AdFender.lnk"    "AdFender"    "AdFender, Inc."    "c:\program files (x86)\adfender\adfender.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\25.0.1364.97\installer\chrmstp.exe"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe Acrobat Synchronizer"    "Adobe Collaboration Synchronizer 10.1"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\acrobat 10.0\acrobat\adobecollabsync.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "application/x-mfe-ipt"    "McAfee MSC IE plugin DLL"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcsniepl64.dll"
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Groove GFS Stub Execution Hook"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Adobe.Acrobat.ContextMenu"    "Adobe Acrobat Context Menu"    "Adobe Systems Inc."    "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "McCtxMenuFrmWrk"    "McAfee ContextMenu Framework"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Adobe.Acrobat.ContextMenu"    "Adobe Acrobat Context Menu"    "Adobe Systems Inc."    "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Adobe.Acrobat.ContextMenu"    "Adobe Acrobat Context Menu"    "Adobe Systems Inc."    "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk"    "McAfee ContextMenu Framework"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Adobe.Acrobat.ContextMenu"    "Adobe Acrobat Context Menu"    "Adobe Systems Inc."    "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "scriptproxy"    ""    ""    "File not found: C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120722192313.dll"
+ "Windows Live Family Safety Browser Helper Class"    "Family Safety Browser Helper Object Library"    "Microsoft Corporation"    "c:\program files\windows live\family safety\fssbho.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Conversion Toolbar Helper"    "Adobe PDF Toolbar for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "scriptproxy"    ""    ""    "File not found: C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120722192313.dll"
+ "SmartSelect Class"    "Adobe PDF Toolbar for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Windows Live Sign-in Helper"    "WindowsLiveLogin.dll"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Adobe PDF"    "Adobe PDF Toolbar for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "&Blog This in Windows Live Writer"    "Windows Live Writer Blog This Extension"    "Microsoft Corporation"    "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote"    "Microsoft Office OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler"    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\ASUS\AsBackupWizard_Run"    "Helper tool for run ASUS Backup Wizard"    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\asbackupwizard\asrunbkwizardhelper.exe"
+ "\ASUS\ASUS RegRun Loader"    ""    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\aasp\1.00.97\asloader.exe"
+ "\ASUS\ASUS SIX Engine"    ""    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\epu-4 engine\fourengine.exe"
+ "\ASUS\ASUS Update Checker"    "UpdateChecker MFC Application"    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\asusupdate\updatechecker\updatechecker.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"
+ "cpextender"    ""    "Check Point Software Technologies"    "c:\program files (x86)\checkpoint\ssl network extender\slimsvc.exe"
+ "Device Handle Service"    "Device Handle"    "ASUSTeK Computer Inc."    "c:\windows\syswow64\ashookdevice.exe"
+ "fsssvc"    "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work."    "Microsoft Corporation"    "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HomeNetSvc"    "Allows McAfee applications to communicate securely on the local network."    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "lxee_device"    "Printer Communication System"    " "    "c:\windows\system32\lxeecoms.exe"
+ "lxeeCATSCustConnectService"    "Lexmark Connect Service Executable"    "Lexmark International, Inc."    "c:\windows\system32\spool\drivers\x64\3\lxeeserv.exe"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService"    "McAfee Security Scan Component Host Service"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\2.1.121\mcchsvc.exe"
+ "McNaiAnn"    "McAfee VirusScan Announcer"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "McODS"    "McAfee Scanner"    "McAfee, Inc."    "c:\program files\mcafee\virusscan\mcods.exe"
+ "mcpltsvc"    "McAfee Platform Services"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "McProxy"    "McAfee Proxy Service"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "mfecore"    "McAfee OnAccess Scanner"    "McAfee, Inc."    "c:\program files\common files\mcafee\amcore\mcshield.exe"
+ "mfefire"    "Provides firewall services to McAfee products"    "McAfee, Inc."    "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp"    "Provides validation trust protection services"    "McAfee, Inc."    "c:\windows\system32\mfevtps.exe"
+ "Microsoft Office Groove Audit Service"    "Groove Audit Service"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12"    "Dot4Net Module"    "Hewlett-Packard"    "c:\windows\system32\hpzinw12.dll"
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12"    "PmlDrv Module"    "Hewlett-Packard"    "c:\windows\system32\hpzipm12.dll"
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "AsIO"    ""    ""    "c:\windows\syswow64\drivers\asio.sys"
+ "AsUpIO"    ""    ""    "c:\windows\syswow64\drivers\asupio.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "cfwids"    "McAfee Personal Firewall IDS Plugin"    "McAfee, Inc."    "c:\windows\system32\drivers\cfwids.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "mfeapfk"    "Access Protection Filter Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk"    "Anti-Virus File System Filter Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01"    ""    ""    "File not found: C:\Windows\System32\Drivers\mfeavfk01.sys"
+ "mfefirek"    "McAfee Core Firewall Engine Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk"    "McAfee Link Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfehidk.sys"
+ "mfencbdc"    "McAfee Content driver Copyright © 2010 McAfee, Inc. All Rights Reserved."    "McAfee, Inc."    "c:\windows\system32\drivers\mfencbdc.sys"
+ "mfencrk"    "McAfee Content driver Copyright © 2010 McAfee, Inc. All Rights Reserved."    "McAfee, Inc."    "c:\windows\system32\drivers\mfencrk.sys"
+ "mfewfpk"    "Anti-Virus Mini-Firewall Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfewfpk.sys"
+ "MTsensor"    "ATK0110 ACPI Utility"    ""    "c:\windows\system32\drivers\asacpi.sys"
+ "netr28x"    "Ralink 802.11 Wireless Adapter Driver"    "Ralink Technology, Corp."    "c:\windows\system32\drivers\netr28x.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167"    "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                "    "Realtek                                            "    "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "Capture File Writer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "Adobe PDF Port Monitor"    "Adobe PDF Port  Monitor DLL"    "Adobe Systems Inc"    "c:\windows\system32\adobepdf.dll"
+ "Fax Lexmark Pro700 Series Port"    ""    ""    "c:\windows\system32\lxeepmon.dll"
+ "Pro700 Series Port"    "Printer Communication System"    " "    "c:\windows\system32\lxeelmpm.dll"


#11 narenxp


Posted 24 February 2013 - 10:55 PM

Junkware removal tool log?

 

Launch AdwCleaner and click on DELETE, post the new log


Edited by narenxp, 12 March 2013 - 12:28 AM.


#12 thompjon


Posted 25 February 2013 - 10:14 PM

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 22:13:44
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Johnson - JOHNSON-PC
# Boot Mode : Normal
# Running from : C:\Users\Johnson\Desktop\Ad Cleaning\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
File : C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\7kd1k3hw.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [8974 octets] - [24/02/2013 22:17:47]
AdwCleaner[R2].txt - [9034 octets] - [24/02/2013 22:21:05]
AdwCleaner[R3].txt - [1140 octets] - [25/02/2013 22:12:50]
AdwCleaner[R4].txt - [1012 octets] - [25/02/2013 22:13:44]
AdwCleaner[S1].txt - [9404 octets] - [24/02/2013 22:21:14]
AdwCleaner[S2].txt - [336 octets] - [25/02/2013 22:13:30]
 
########## EOF - C:\AdwCleaner[R4].txt - [1191 octets] ##########


#13 thompjon


Posted 25 February 2013 - 10:24 PM

It won't let me run MS Fixit

 

 

The Installer has encountered an unexpected error installing this package.  This may indicate a problem with this package.  The error code is 2738

 

and the pop ups are still there.



#14 narenxp


Posted 25 February 2013 - 10:29 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now copy the following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

 

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark the following options alone

Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts



Checkmark Restart System When Finished option
click the Start button

System should restart after repair
 

Now run mini toolbox and post the new log


Edited by narenxp, 25 February 2013 - 10:49 PM.
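
A read-only check to run after the repair, as an added example that is not part of narenxp's post: `cacls hosts /p everyone:f` replaces the hosts ACL with full control for Everyone, so the script reports whether a broad write grant is still in place, along with the file's attributes, owner and any entries other than the stock localhost mapping. The function names, the sample lines and the list of group SIDs are choices made for this example, and it assumes the default hosts location.

```powershell
# Added example: read-only audit of the hosts file. Nothing is modified.
# Assumption: hosts is in its default location under %SystemRoot%.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    # Turns hosts-file lines into one object per (address, name) pair.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ("$line" -replace '#.*$', '').Trim()   # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }          # address with no name
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The stock file maps only "localhost" to a loopback address.
            $stock = ($name -ieq 'localhost') -and
                     (@('127.0.0.1', '::1') -contains $address)
            New-Object PSObject -Property @{
                Address = $address; Name = $name.ToLower(); Stock = $stock
            }
        }
    }
}

function Get-BroadWriteRule {
    # Returns Allow rules that let Everyone, Authenticated Users or
    # BUILTIN\Users change the file (as "cacls hosts /p everyone:f" does).
    param([string]$Path)
    $broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    # File-specific write bits plus GENERIC_ALL and GENERIC_WRITE.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x10000000 -bor 0x40000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $isBroad  = $broadSids -contains $rule.IdentityReference.Value
        $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        if ($isAllow -and $isBroad -and $canWrite) { $rule }
    }
}

# Constructed sample (not from the thread): one stock line, two redirects.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '192.0.2.10      search.example.test www.search.example.test  # added',
    '0.0.0.0         update.example.test'
)
Write-Host '--- constructed sample: non-stock entries ---'
Get-HostsEntry -Lines $sample | Where-Object { -not $_.Stock } |
    Format-Table Address, Name -AutoSize | Out-Host

# Live file: the three things the commands in the post change.
Write-Host "--- $hostsPath ---"
$item = Get-Item -Path $hostsPath -Force
Write-Host "Attributes : $($item.Attributes)"   # attrib -s -h -r clears these flags
Write-Host "Owner      : $((Get-Acl -Path $hostsPath).Owner)"   # set by takeown /a

$broad = @(Get-BroadWriteRule -Path $hostsPath)
if ($broad.Count -gt 0) {
    Write-Host 'Write access is granted to a broad group (SID shown):'
    $broad | Format-Table IdentityReference, FileSystemRights -AutoSize | Out-Host
} else {
    Write-Host 'No broad write grant found in the ACL.'
}

$extra = @(Get-HostsEntry -Lines (Get-Content -Path $hostsPath) |
    Where-Object { -not $_.Stock })
Write-Host "Non-stock entries: $($extra.Count)"
$extra | Format-Table Address, Name -AutoSize | Out-Host
```

On a default Windows 7 hosts file every line is a comment, so the live section should list no entries; any broad write grant reported comes from the ACL change made before the repair.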


#15 thompjon


Posted 25 February 2013 - 10:35 PM

Run is not recognized as an internal or external command.  This is the message I get at the command prompt





